An alternative way to secure SPAs (with ASP.NET Core, OpenID Connect, OAuth 2.0 and ProxyKit)

added by DotNetKicks
2/5/2019 12:43:24 PM

You might have noticed the recent public discussions around how to securely build SPAs - and especially about the "weak security properties" of the OAuth 2.0 Implicit Flow. Brock has written up a good summary here. The whole implicit vs code flow discussion isn't particularly new - and my stance was always that, yes -...